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novelty - This invention relates to a grouped ciphering method including 
dividing clear text data into groups of clear text data, designing keying 
forming a S box (replacement list) made up of 256 elements; as the 
initial condition of shift register, the clear text data shift riqht a 
certain beats in first nonlinear logic then shift left a certain beats 
according to second nonlinear logic then repeats just like playing swing 
till the pre-designed turns to output the obtained shift register condition 
as the cipher set corresponding to the clear text set, and nonlinear logic 
relations between them is made up of feedback variations through S box 
many times. Condition changes of shift register cleverly enforce clear text 
mixture and divergence. 
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Establishing initial synchronization for link between mobile terminal and 
base station in cellular radio communication network in way that avoids 
deadlock conditions 
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Alerting Abstract wo Al 

NOVELTY - involves determining a chip offset of the strongest path 
detected over a frame of samples, in response to the determined chip 
offset, a scrambling code group number and slot offset are generated to 
retrieve the second synchronization code. A primary scrambling code is 
retrieved, in response to the code group number, to synchronize the user 
equipment to the base station. 

DESCRIPTION - An independent CLAIM is included for a system. 

USE - For establishing initial synchronization for the link between 
mobile terminal and a base station in a cellular radio communication 
network. 

ADVANTAGE - Uses window exclusion logic in order to avoid a deadlock 
condition upon a detection of the wrong public land mobile network (PLMN). 

description OF drawings - The drawing shows a block diagram of the system 
used to implement the method. 
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Electronic mail system deletes mail address of user after forwarding mail 
to other party' s message box , whose compatibility level satisfying 
preset tolerance is judged by referring to registered user information 
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NOVELTY - Host computer (1) connected to terminal equipments (3-1 - 3-n), 
registers user information in memory, based on which compatibility of user 
sending mail is judged, user's compatibility level satisfying preset 
tolerance is judged to generate common message box. Mail is forwarded to 
other party after enciphering mail address, user's mail address is 
deleted after forwarding mail to other party 1 s message box . 

DESCRIPTION - The compatibility of the user is judged based on program 
stored in the host computer. The level of compatibility is calculated and 
the common message box is generated only when the compatibility level of 
user satisfies predetermined tolerance limit. 

USE - Electronic mail system with user's secrecy protection function. 

ADVANTAGE - Secrecy of the user is maintained by deleting the user's mail 
address after transmitting mail to the other party' s message box . 
Transmitting and receiving compatibility is judged effectively by referring 
to information stored in memory of host computer. 

DESCRIPTION OF DRAWINGS - The figure shows the explanatory drawing of 
electronic mail system (The drawing includes non-English language text). 
1 Host computer 
3-1 - 3-n Terminal equipments 
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Encryption program used for electronic mail security, includes instructions 
for performing mixing of data segments, swapping and substitution 
iterative!/ for preset times using different sub-keys 
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NOVELTY - The programs include instruction to receive input data with 
each data segments having bytes equal to block length of variable length 
block for ciphering. The input data segments is mixed using XOR operations 
and substitution box ( S - box ) look-up operation. The mixed segments 
are swapped and XOR of swapped segments and S - box look-up are performed 
to produce substituted bytes. The process is iterated for preset times 
using different sub-keys. 

DESCRIPTION - The sub-keys are generated using the symmetric input key 
distinctly for every round of encryption. INDEPENDENT CLAIMS are also 
included for the following: 



1. Encryption system; 



2. Encryption method 

USE - For encrypting input data using block cipher algorithm for secure 
storage of e.g. customer accounts in bank, credit company. 

ADVANTAGE - The block cipher algorithm allows variation of block size, 
key size and number of encryption cycles and uses logical XOR operation 
which reduces time used for encrypting and decrypting data. 

DESCRIPTION OF DRAWINGS - The figure shows the flowchart of encryption 
process. 
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Computer- readable code for providing a byte symmetric key block cipher, has 
computer- readable program code section used for treating substituted bytes 
as input data bytes for subsequent iteration 
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NOVELTY - A byte value is determined by performing a third XOR operation 
followed by a second S - box lookup operation to create multiple 
substituted bytes. A computer- readable program code section is used for 
treating the substituted bytes as input data bytes for a subsequent 
iteration of the program code section. 

DESCRIPTION - independent CLAIMS are al so included for the following: 

1. a byte-oriented symmetric key block cipher providing system; 

2. a byte-oriented symmetric key block cipher providing method. 

USE - For providing a byte symmetric key block cipher for encryption and 
decryption in computer system. 

ADVANTAGE - Improves encryption strength while enhancing encryption 
efficiency. Maximizes the number of environments in which solution can be 
used. Enables efficient and error-free decryption of encrypted data. 

DESCRIPTION OF DRAWINGS - The figure shows the flowchart of a logic used 
for data block encryption. 
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Authorizing film holder to access remote look - up table of film photo 

finishing data, matching encrypted segments of access code 
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NOVELTY - Film is registered by docking (138) in input device and reading 
first segment of identifier marked on film, which includes one or both 
segments of access code . One segment of access code is encryption 
of other segment . user or holder of film can only access data stored in 

look - up table (12) if code value obtained by decrypting first segment 
, matches second segment. 

DESCRIPTION - Film is registered by docking in input device and reading 
first segment of identifier marked on film. Identifier includes one or both 

segments of access code . One segment is encryption of other, user or 
holder of film can only access data stored in look - up table (12) if 
code value obtained by decrypting first segment , matches second segment 
. Key used to decrypt encrypted first segment of access code , is 
maintained and supplied by input or photo finishing unit (14), or by 
gatekeeper part of look - up table . Key is based on symmetric 
encryption-decryption algorithm or asymmetric encryption-decryption 
algorithm. 

USE - To access film photo finishing data stored in remote look - up 
table for one-time use camera. 

DESCRIPTION OF DRAWINGS - view of system including access coded film 
unit. 

12 Look - up table 

14 Photo finishing unit 
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Packet data communication controller used in network communication, 
includes pair of switches which feed packet data directly to controller and 
write unit according to its operation condition 
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NOVELTY - A data read transmission control unit receives the input data 
from system bus of a host and transmits it to transmission controller 
directly or through a compression and encryption unit according to the 
operation mode of a first switch. Similarly the receiving control unit 
directly transfers the received data to write unit or through decryption 
units, based on operation mode of second switch. 

DESCRIPTION - when the first switch is in second mode, the received input 
data is fed to a data compression unit which compresses part of input data. 
The compressed data is contained in the second section of the data 
communication packet. A data encryption unit receives the packet through 
an integrity check value (icv) calculation unit calculates lev by 
numerically summing the data part of the packet. The calculated icv is 
added to the end of the data packet, which is then encrypted by the 
encryption unit, based on transmission encryption key transferred from 
session key look up table ( LUT ). Then, the encrypted packet is 
transmitted to the network by network transmission controller, according to 
determined transmission data. The received data is directly fed to 
controller, when first switch is in first state. A data receiving control 
unit receives the data from network and feeds the data to the data 
decompression unit, when the second switch is in second state. The 
decryption unit decompresses the encrypted and compressed section of the 
received data packet. The decrypted data packet is fed to a decompression 
unit through icv verification unit. The icv verification unit calculates 
the ICV and compares it with value stored in packet, if any error is found, 
the packet is discarded and message is transmitted to the host system. If 
the values are identical, the data packet is fed to the decompression unit. 
Then, the data packet is supplied to the data write unit after 
decompression. An independent claim is also included for method for 
processing data packet. 

USE - For network communication e.g. for local area network (LAN), wide 
area network (WAN) . 



ADVANTAGE - By incorporating several functions in single electronic 
circuit, the time delay from one unit to next is considerably reduced 
compared to time delay between discrete electronic components. The network 
controller further more controls the transmission FIFO so as to guarantee 
the continuous supply of bytes from the transmission FIFO to the network 
transmission controller, this ensures that the transmission is 
extraordinarily fast. By continuously monitoring if the data communication 
packets processed one within the packet specifications of the network, any 
redundant operations are eliminated, and thus the number of data 
communication packet transmitted on the network is reduced. The ICV 
calculation and verification ensures that no excessive time is spent on 
corrupted data communication packets at the receiving end of the 
transmission, therefore the implementation of this calculation verification 
reduces unnecessary data communication packet processing. The switches 
ensures fast recognition of clear text and consequently bypassing or 
disabling the series configuration, respectively. 

DESCRIPTION OF DRAWINGS - The figure shows the schematic block diagram 
explaining data encryption and decryption in communication controller. 

Title Terms/index Terms/Additional words: packet; data; communicate; 
control; network; pair; switch; feed; writing; unit; accord; operate; 

CONDITION 

Class Codes 

international Classification (Main): H03M-007/30, H03M-007/38 

(Addi ti onal /Secondary) : H04L-009/12 
US Classification, Issued: 380255000, 380256000, 380257000, 380269000, 
713168000 

File Segment: EPI; 
DWPI Class: U21; W01 

Manual Codes (EPI/S-X) : U21-A05A2; W01-A03B; W01-A05A; W01-A06B5A; 
W01-A06B5B; W01-A06G2 



12/2/9 (item 9 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 

(c) 2006 The Thomson Corporation. All rts. reserv. 

0010094892 - Drawing available 
WPI ACC NO: 2000-401721/200035 
XRPX Acc No: N2000-300861 

Encryption/decryption unit for encrypting plain text into cipher text with 
compatibility with all types of previous encryptors/decryptors 
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novelty - includes encryption/decryptor (11) for performing an encryption 
or decryption process. A substitutor (12) performs data substitution of an 
output from the encryption/decryptor to a set permutation table. A second 
encryption/decryptor (13) for performing an encryption or decryption 
process for an output from the first substitutor. A second substitutor (14) 
performs data substitution of an output from the second 
encryption/decryptor to a set permutation table. Finally a third 
encryption/decryptor (15) for performing an encryption or decryption 



process for an output from the second substi tutor. All 
encryption/decryption use the same algorithm. 

USE - For encrypting plain text into cipher text. 

ADVANTAGE - implements single algorithm which is compatible with all the 
DES, triple-DES and DES-SS. 

DESCRIPTION OF DRAWINGS - The drawing shows a schematic diagram of the 
encryption/decryption unit. 

11 Encryption/decryptor 

12 Substi tutor 

13 Second encryption/decryptor 

14 Second substi tutor 

15 Third encryption/decryptor 
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NOVELTY - The method involves first bit-moving variable bits of a round 
segment of data derived from one of the first and second round segments of 
data by set numbers of bits where most of the resulting bits affect the 
n-bit block of data. The first bit-moving is an operation selected from a 
roup consisting of circular bit- rotation by nonzero numbers of bits, 
ogical bit-shift by nonzero numbers of bits, nonidentity bit-permutation. 
DESCRIPTION - To compute the primary round segments (R0,Rl) in the second 



half round, the following procedure is used. First, linearly combine (block 
(130) using the operator (i_4) the primary segment (RO) with the sub-kev K3) 
to produce an intermediate round segment. Linearly combine (block (132) 
using the operator l_5) that intermediate segment and Ri producing a 
replacement value of Ri . Then, extract (block (134) a value v from R0) by 
taking f of the lsb bits of register (R0) . Rotate (block (136) the 
replacement value of Ri by the value v just extracted. This resulting value 
of Rl after the rotation is the new value of Ri (block (138). Then rotate 
(block (140) the value of R0) rightward by f bits. The resulting value of 
(rO) is the new value of (RO) . 
An independent CLAIM is included for: 

1. a binary block cipher data transformation system 

2. a method of key expansion for block ciphers 

USE - The invention relates to block cipher secret-key cryptographic 
systems and methods. 

ADVANTAGE - The invention provides improvements in a secret-key 
cryptographic system and method which uses data-dependent rotations. The 
cryptographic systems and methods are secure using data-dependent rotation 
with a novel iterative calculation which is robust and may resists attacks 
by sophisticated algorithms which detect and take advantage of weak 
sub-keys to determine the keys of the cryptographic system. A novel 
mechanism and method provides quick key expansion, particularly for 
data-dependent encryption, which decreases the time required to prepare a 
block cipher to encrypt or decrypt digital packets of bytes. The 
cryptographic system and method use minimal numbers of s - boxes with a 
novel iterative calculation where the block cipher does not require an 
excessive startup time, yet is simple, secure and efficient for bulk 
encryption while uses no more on-chip cache than necessary. The invention 
provides a novel mechanism and method for complex key expansion, which uses 
a minimum amount of time to prepare a block cipher to encrypt or decrypt a 
large file and which nevertheless ensures that the sub-keys generated by 
the method reflect every bit of the key in a complex uncorrelated manner. 

DESCRIPTION OF DRAWINGS - The drawing is an algorithmic flowchart of 
encryption method. 
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Alerting Abstract wo Al 

The method of encryption involves receiving successive blocks of 

data, each being sub-divided into sub-blocks of data. Each sub-block is 
assigned to one of the individual substitution boxes . A statistically 
optimised permutation is selected. 

It is determined if a set of preselected exponents is to be applied to 
the permutation. The set of preselected exponents is applied to the 
permutation if it is determined that a set of preselected exponents is to 
be applied, otherwise an exponent of one to the permutation is applied. 
After each round of encryption, an output of each numbered substitution 
box is applied as an input to the substitution box whose number is 
indicated by the permutation. The last two stages are repeated for a 
predetermined number of rounds. 

USE/ADVANTAGE - Iterated block substitution system in which block 
substitution tables and pattern of inter round mixing are changed 
frequently, interactions between sub blocks enhance mixing process and 
allow for inter round mixing in which sub blocks rather than individual 
blocks are permuted. 
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Alerting Abstract us a 

The method of securely transmitting packet data between a client and a 
server with packets encrypted by S - box data involves using at least one 
communication channel to transmit packets between at least one client and a 
server. A first logon packet including information identifying the client 
source system is encrypted in the client and transmitted to the server. The 
logon packet is decrypted in the server. 

A second logon packet is encrypted in the server with client 
authenticating information and transmitted to the client. The second logon 
packet is decrypted in the client. A third logon packet with session 
information is encrypted in the client and transmitted to the server. The 
third logon packet is then decrypted in the server. A fourth logon packet 
is encrypted in the server with session information and transmitted to the 
client. The fourth logon packet is decrypted in the client. Encrypted data 
packets are transmitted between the client and server which are encrypted 
using S - box encryption. The client and server can establish secure 
communications by bi-directionally transmitting encrypted data. 

USE/ADVANTAGE - Ensures that access to data is restricted to authorised 
parties whilst providing consistent performance. 
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Alerting Abstract wo Al 

The encryption/decryption device enables encrypted communication between 
two stations, each incorporating such an appts. The appts. is arranged to 
generate a set of look - up tables in accordance with a session key 
and temporarily stores the tables in memory. Each successive element of a 
message is converted to a code through use of the look - up tables . 

Pref., the device is arranged for use of a fresh session key at intervals 
during the course of each transmission. Each element of the message is 
converted to its code by a procedure which involves addressing one of the 
look - up tables and using the output of that table to address another 
of the look - up tables . 

USE/ADVANTAGE - Telephone, computer and facsimile data encryption system. 
Fast generation of tables and therefore procedure. 
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Abstract: in this paper we examine a new private key encryption algorithm 
referred to as CAST. Specifically, we investigate the security of the 
cipher with respect to linear cryptanalysis. From our analysis we conclude 
that it is easy to select S - boxes so that an efficient implementation 
of the CAST algorithm is demonstrably resistant to linear cryptanalysis. 
(Author abstract) 9 Refs. 
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This thesis investigates some security aspects of basic 
substitution-permutation encryption networks (SPNs). Compared to other 
block ciphers, SPNs have many desirable and predictable cryptographic 
properties which are very useful for the design and analysis of 
cryptosystems. 

we start with an estimate and upper bound on the nonlinearity 



distribution of s - boxes which shows that low nonlineari ties are very 
unlikely for large s - boxes . This further confirms the statement that 
large s - boxes have better cryptographic properties, in addition, we use 
statistical methods to measure the distance between SPNs and the ideal 
cipher. Based on the experimental results on XOR table distributions and 
supported by the results on nonlinearity, we show that SPNs converge to the 
ideal cipher with an increasing number of rounds. We also present a new 
differential -like attack which is easy to implement and outperforms the 
classical differential crypt-analysis on the basic SPN structure, in 
particular, it is shown that 64-bit SPNs with 8 x 8 s - boxes are 
resistant to our attack after 12 rounds. From the attack, it can be seen 
that the number of active s - boxes is very important. For a secure SPN, 
it is necessary to make the number of active s - boxes in the last round 
independent of the number of active s - boxes in previous rounds, in this 
respect, it is found that the number of active s - boxes in the last 
round becomes independent of the number of active s - boxes in the first 
round for basic SPNs with an increasing number of rounds. These experiments 
and the analytical results may be regarded as some evidence towards 
provable security for SPN cryptosystems. 
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Proposed by the Jakimoski and Kocarev was secure against differential and 
inear attacks. 
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It is shown that all of the outputs of the advanced encryption standard 
(aes) round function are in the same affine equivalence class. It is not 
clear whether this fact could help in a cryptanalytic attack on AES. 
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Java(TM). it may include look - up tables , stored keys, and various 
temporary data such as intermediate calculations and the state of the... 

...It may even include some or all of the initialization vectors and keys 
used to encrypt /decrypt or verify/authenticate the rest of the 
program information in block chains. This can allow the same vector or 
key information to be... would actually be data which is never processed. 

The external storage device 110 may be encrypted such that the 
blocks of program information, and authentication information are 
stored in non-sequential address location in the storage device. It would 
be preferable to include the high order address bits in encryption of 
the storage device so that any block of program information may be 
located anywhere in the memory space. Substitution tables (S-tables) 
can be used to eliminate regularity and add non-linearity in the address 
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..SPECIFICATION the cryptographic system of the present invention. If 
there is more plaintext left to be encrypted , as determined by query 
18, the next block of plaintext is selected at reference 20 and the 
next block is encrypted . if there is no more plaintext, then the 
system stops operation at reference 22. 
The. . . 

..tables in memory is shown in more detail in FIG. 2. A permutation table, 
an S - box table and an enclave table are initially loaded into the 
system's memory at reference... 
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...SPECIFICATION other holder of the film unit 10 access to the remotely 
stored data in the look - up table 12 if a code value obtained by 
decrypting a submitted first segment, matches a second segment. In 
accessing the look - up table 12, the film unit 10 is registered and 
the encrypted first segment of the access code 128 is detected. The 
registering preferably includes docking (138) the film unit 10 in an... 

...ordinary alphanumeric characters. 

in particular embodiments, the key 152 that is used to decrypt the 
encrypted first segment of the access code 128 is not recorded on 
the film unit 10. Referring to Figure 11, the key... 

...152 can alternatively be maintained and supplied by a gatekeeper 130, a 
portion of the look - up table 12 that controls access to the logical 
memory units 20. The decryption can be performed... 

...which could cause the corruption of valid information in logical memory 
units 20 in the look - up table 12. The key 152 can also take the 
form of a codebook, a table linking... 

...now to Figures 14-15, in some embodiments, the film unit 10 bears only 
the encrypted first segment. The second segment is present only in 
the look - up table 12. The film unit 10 can include a serial number 
or label number that is... 

...CLAIMS 10 wherein said decrypting further comprises maintaining a 
decryption key or code book in said look - up table . 
12. The method of claim 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, or 11 wherein said 
decrypting further comprises utilizing a symmetric or asymmetric 
encryption -decryption algorithm or a codebook of said first and 
second segments . 
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...SPECIFICATION decrypt key. 

According to one aspect of this embodiment, the encryption engine 
further includes w look - up tables for storing each of the possible 
w sets of permutations. According to a different aspect of this 
embodiment, the encryption engine further includes M<w look - up 
tables for storing M available sets of the possible w sets of 
permutations. According to a different aspect of this embodiment, the 

encryption engine further includes n<m<w look - up tables for 
storing N sets of permutations preselected from M available sets of the 
possible w. . . 

. . .decrypt key. 

According to one aspect of this embodiment, the encryption engine 
further includes w look - up tables for storing each of the possible 
w sets of permutations. According to a different aspect of this 
embodiment, the encryption engine further includes M<w look - up 
tables for storing M available sets of the possible w sets of 
permutations. According to a different aspect of this embodiment, the 
encryption engine further includes n<m<w look - up tables for 
storing N sets of permutations preselected from M available sets of the 
possible w. . . 
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...SPECIFICATION from an example cited in literature "t. Jakobsen, L. R. 
Knudsen, 'The interpolation Attack on Block cipher, 1 Fast Software 
Encryption workshop (FSE4) (Lecture Notes in Computer Science 1267), pp. 
28-40, Springer-verlag, 1997," it... 

...readily cryptanal yzed by the higher order and the interpolation 
cryptanalysis in the case where the S - box is formed by a function 
of a certain algebraic structure selected as a function resistant to the 



18/3 f K/18 (Item 18 from file: 348) 

DIALOG (R) Fi 1 e 348: EUROPEAN PATENTS 

(c) 2006 European Patent Office. All rts. reserv. 

01085255 

Cryptographic Processing apparatus, cryptographic processing method and 
storage medium storing cryptographic processing program for realizing 
hiqh-speed cryptographic processing without impairing security 

vorricntung und Verfahren zur kryptographischen Verarbeitung sowie 
Aufzeichnungsmedium zum Aufzeichnen eines kryptographischen 
Verarbeitungsprogramms zur Ausfuhrung einer schnellen kryptographischen 
Verarbeitung ohne Preisgabe der Sicherheit 

Dispositif et procede de traitement cryptograph! que ainsi que support 
d'enregistrement pour stocker un programme de traitement 
cryptographique afin de realiser un traitement cryptograph! que rapide 
sans compromettre la securite 
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..SPECIFICATION cipher, when receiving 64-bit actual key data from the key 
controlling unit 604. The substitution table data generating unit 
602 then outputs the generated substitution table data to the data 
encrypting unit 601. 

The input key generating unit 603 stores 64... 

..and the stored 64-bit actual key data and outputs the result to the data 

encrypting unit 601 as input key data for encryption of the next 
plaintext block . Since there is no ciphertext block when the first 
plaintext block is to be encrypted... 



, .of encrypting plaintext block P0. 

The substitution table data generating unit 602 in Fig. 14 
substitution table data TG(K(0)) from actual key data K(0) 
from the key controlling... 



generates 

received 



..the data encrypting unit 601. 

The data encrypting unit 601 encrypts plaintext block P0 using 
substitution table data tg(k(0)) and input key data k(0)(+)iv to 
generate ciphertext block CO. 

(2) Next , plaintext block Pi is encrypted as follows. 

Since the key controlling unit 604 does not output new actual key data, 
the substitution table data generating unit 602 does not generate 
new substitution table data. 

The input key generating unit 603 performs an exclusive-OR operation 
for corresponding bits in actual key data K. . . 
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...specification binary bits, and these bit blocks are encoded with error 
correcting orthogonal (or bi -orthogonal) block codes . The orthogonal 
2( sup(M)-bit block code -words are scrambled by modulo-2 N-bit 
addition of a scrambling mask that may be retrieved from a look - up 
table in a memory. In the case of ideal scrambling masks, there may be 
either n. . . 

...SPECIFICATION binary bits, and these bit blocks are encoded with error 
correcting orthogonal (or bi -orthogonal) block codes . The orthogonal 
2M) -bit block codewords are scrambled by modulo-2 N-bit addition of a 
scrambling mask that may be retrieved from a look - up table in 
memory, in the case of ideal scrambling masks, there may be either 
nA))=Nl. . . 
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..specification 50, and these bit blocks are encoded by an error 
correction orthogonal (or bi -orthogonal) block coder 52. The 
orthogonal 2( sup(M)-bit block codewords are scrambled by a modulo-2 
N-bit adder 53 with a scrambling mask, constructed as described above, 
retrieved from a look - up table in a memory 60. in the case of ideal 
scrambling masks, there are either n... 

..SPECIFICATION 50, and these bit blocks are encoded by an error 
correction orthogonal (or bi -orthogonal) block coder 52. The 
orthogonal 2M)-bit block codewords are scrambled by a modulo-2 N-bit 
adder 53 with a scrambling mask, constructed as described above, 
retrieved from a look - up table in a memory 60. in the case of ideal 
scrambling masks, there are either nA... 
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...SPECIFICATION possible series of n symbols by a specific series of k 
symbols, where k > 0, is generated , and in which always a second 
series of k symbols which has a good statistical... 

...the invention is characterized in that by means of a key at least one 
arbitrary substitution table is generated , which table substitutes 
each possible series of n symbols by a specific series of k symbols , 
where k > 0, and that a second series of k symbols, which series has 
a good statistical distribution, is combined with one of the two 
first-named series of symbols, to obtain an enciphered output series. 

The invention is based on the understanding that the reliability of the 
substitution function used in the encipher algorithm will be augmented 
considerably, if both the transmitting party and the receiving party 
create one and the same arbitrary S - box on the basis of a secret 
key transmitted via a key channel, which involves of... 
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Full text Availability: 
Detailed Description 

Detailed Description 
program. 

in one embodiment, the plaintext key 18 comprises a plurality of segment 
keys for encrypting each segment of the plaintext video program , 
and the seed value generator 62 generates a corresponding seed value 64 
for each segment... 

...the input arguments x and y, and the segment seed value 64 is the 
result. 

Lookup tables may also be employed for generating the segment keys, 
and the algorithm for computing the segment keys may be programmably 
updated. . .program. 

in one embodiment, the plaintext key 18 comprises a plurality of segment 
keys for encrypting each segment of the plaintext video program , 
and the coefficient value generator 70 generates a set of coefficient 
values 72 for each... 

...the input arguments x and y, and the segment coefficient values 72 are 
the result. Lookup tables may also be employed for generating the 
segment keys, and the algorithm for computing the segment keys may be 
progranimably updated... 
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Detailed Description 

... of input bits equaled the number of output bits, and the selection of 
the applicable substitution table 222a-222d is made based upon the 
duplicated input bits created by the expansion and permutation module 
220. 

0 The outputs of substitution tables 222a-222d are provided to a 
second 

permutation module 224. The second permutation module 224 performs 
simple bit scrambling , which ensures unique one-to-one mapping of the 
internal address of the memory 161... 



18/3,K/26 (Item 26 from file: 349) 

DIALOG (R) Fi 1 e 349:PCT FULLTEXT 

(c) . All rts. reserv. 

00852763 **image available** 

INFORMATION SECURITY METHOD AND SYSTEM 

PROCEDE ET UN SYSTEME DE SECURITE DE L ' INFORMATION 

Patent Applicant/Assignee: 
XTREAMLOK PTY LTD, Unit 5, 8 Miller Street, Murarrie, QLD 4172, AU, AU 
(Residence), AU (Nationality) 
inventor(s) : 

TUCKER David, Unit 5, 8 Miller Street, Murarrie, QLD 4172, AU, 
CRUMP Matt A, 7/519 Tingal Road, Wynnum, QLD 4178, AU, 
witmann Jerome, 17, rue Gustave Eiffel, F-62300 Lens, FR, 

Patent and Priority information (Country, Number, Date): 

Patent: WO 200186372 A2-A3 20011115 (WO 0186372) 

Application: WO 2001IB1197 20010514 (PCT/WO IB0101197) 

Priority Application: US 2000203877 20000512 

Designated states: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY B2 CA CH CN CO CR CU CZ DE DK DM DZ 
EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS J P KE KG KP KR KZ LC LK LR 
LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL 
TJ TM TR TT TZ UA UG UZ VN YU ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR 
(OA) BF S3 CF CG CI CM GA GN GW ML MR NE SN TD TG 
(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZW 
(EA) AM AZ BY KG KZ MD RU TJ TM 

Publication Language: English 
Filing Language: English 
Full text word Count: 12195 

Full text Availability: 
Detailed Description 
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present invention. 

FIG. 12 is a table depicting an exemplary process that utilizes running 
line encryption 



in accordance with another aspect of the present invention 

FIG. 13 depicts an exemplary eip look - up table in accordance with 

anotheri aspect of the present invention. 

FIG. 14 depicts an exemplary import... 
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Detailed Description 

Claims 

English Abstract 

...a WAN : wide Area Network). The data communication package contains a 
first section of non- encrypted data and a second section of 
encrypted data. The communication controller comprises a session key 
LUT unit (186), and a transmission and encryption section, which 
includes a data read transmission control... 
Publication Year: 2000 

Detailed Description 

or WAN (wide area network), the data communication package containing 
a first section of non- encrypted data and a second section 
containing encrypted data, and comprising a session key LUT unit and 
a transmission and encryption section comprising. 

(a) a data read transmission control unit... 

. . .of a host 

system and receiving input data therefrom and communicating with said 



..host 1 0 system and receiving input data therefrom and communicating 
with said session key LUT (186), said session key LUT (186) providing a 
transmission 

encryption key for said data communication... 
..contained in said 

1 5 second section of said data communication package, 

(c) a data encryption unit (126) providing an encryption of said 
second section of said data communication package according to said 
transmission encryption key transferred from said session key LUT (1 
86) to said data encryption unit 

(126) , 

(d) an integrity check value calculation unit... 

..package through communication with said network receiving controller 
(140) , 

and communicating with said session key LUT (186), said session key 
LUT 

(1 86) providing a reception encryption key for said received data 
communication package, 
(i) a... 

..said received data communication package, 

a data decryption unit (164) providing a decryption of said second 
section of 

said received data communication package according to a reception 
encryption key transferred from said session key LUT (1 86) to said 
data 

decryption unit (164), 

(k) an integrity check value verification unit... WAN: wide 0 Area 
Network), said data communication package containing a first section of 
non 

encrypted data and a second section containing encrypted data, 
and said 

communication controller comprising a session key LUT unit (186), and 
comprising: 

(a) a data read transmission control unit (102) connected to a... 

..of a host system and receiving input data therefrom and communicating 
with said session key LUT (1 86), said session key LUT (11 86) 
providing a transmission 

encryption key for said data communication package, 

(b) a data. . . 

..input data contained in said 

second section of said data communication package, 

(c) a data encryption unit (126) providing an encryption of said 
second section of said data communication package according to said 
transmission encryption key transferred from said session key LUT 
(186) to said data encryption unit 

(126)t 

(d) an integrity check value calculation unit... 
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Claim 

and second linear operator are non-commutative with each other. CLAIM 
5. The method of encrypting of claim I wherein the sbox is optimized 
so that consecutive sections of 20 bits or fewer are guaranteed to 
have at least a I bit output... 

...each input bit difference. CLAIM 6. The method of encrypting of claim 1 
wherein the sbox is optimized so that it has a guaranteed minimum 
number of bits of output difference... 
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Detailed Description 

system for encryption and 
decryption employing a conventional DES semiconductor chip; 
Figures 2A-B are block diagrams illustrating, respectively, the 
electronic code book (ecb) and cipher block chaining (CBC) block cipher 

encryption modes of DES; Figure 3 is a block diagram illustrating in 
more detail a portion... 

...initial permutation of DES; Figure 5 is a block diagram illustrating an 
expansion operation and S - box 
operation of DES; 

Figure 6 is a block diagram of a data security system in... 
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Detailed Description 

... To create the trailer, the data in data box 1022 are 
provided to a Label Element Encryption subroutine 730 which 
utilizes Spinup Randomizer subroutine 530 and a label lookup 

table if irrational labels are desired. The spinup number and 
25 the initializing vector for Spinup... 
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Detailed Description 

... scramble mask assigned. On the other hand, the whole set may be 
stored as a look - up table in a memory, in which case the number of 
bits 

needed to address each mask... 

...memory 60, that mask would 
be retrieved from storage and modulo-2 added to the block coded 
signal 

The ability selectively to address and retrieve a specific scramble 
mask becomes important in a subtractive CDMA system. For example, if 
stronger coded information signals... 
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Detailed Description 

20 bits, and these bit blocks are encoded with error 
correcting orthogonal (or bi -orthogonal) block codes , 
The orthogonal 2m@bit block codewords are scrambled 
by modulo@2 N@bit addition of a scrambling mask that 
may be retrieved from a look - up table in a memory. 

25 in the case of ideal scrambling masks, there may be 
either. . . 
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Detailed Description 
are generated 
by the device to avoid damage and discomfort to the 
listener's ear, 

Another important aspect of the invention 
involves a method for encrypting the secret PIN code 

portion and/or the detectable code portion of the financial 
card. The method generally comprises the following steps. 

programming a secret... 

...a nonsecret identity offset into the device 
which corresponds to the master key; maintaining a lookup 

table associating the master key to the nonsecret identity 
offset at the device issuer location; generating... 
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bit values 

generated are each a function of all of the selected key 
bits. 

in another aspect ,, the present invention includes a 
cellular communication system having an encryption subsystem 
which includes a key stream generator which uses a secret 
key to generate a. . . 

. . .in two stages, 
First, the secret key is expanded in accordance with an 
algorithm to produce a look up table which is stored in 
memory. Second,, the circuit uses the count of a register 
along with the key in combination with the data stored in 
the look up table to generate a pseudo-random key stream 
which is mixed with the data before transmission. The 
system. . . 
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use/advantage - Iterated block substitution system in which block 
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allocated to n individual substitution boxes . 



...permutation or a quasi quick trickle permutation to blocks of data 
allocated to n individual substitution boxes . 



...quasi quick trickle permutation to the data bits undergoing block 
substitution allocated to n individual substitution boxes . 

Claims: 

...data, where n is an integer, each sub-block being assigned to one of n 
substitution boxes ; (b) selecting one of a quick trickle or a quasi quick 
trickle permutation as a... 

...e)(l) is applied, applying a corresponding one of the sequence of 
permutations to the substitution boxes , assigning an output of each 
numbered substitution box as an input to the substitution box whose 
number is indicated by the corresponding one of the sequence of 
permutations, and if step (e)(2)is applied, applying the resulting 
permutation to the substitution boxes , assigning an output of each 
numbered substitution box as an input to the substitution box whose 
number is indicated by the resulting permutation; (g) repeating steps (e) 
and (f) for. . . 

...of data, where n is an integer, the sub-block being assigned to n 
individual substitution boxes ; (b) selecting one of a quick trickle or a 
quasi quick trickle permutation as a... 

...partially encrypted sub-blocks, assigning each partially encrypted 
sub-block as an input to the substitution box whose number is indicated 
by the the corresponding one of the sequence of permutations, and... 



...partially encrypted sub-blocks, assigning each partially encrypted 
sub-block as an input to the substitution box whose number is indicated 
by the resulting kth permutation; and(g) repeating (e) and (f . . . 
...divided into n sub-blocks of data, the sub-blocks being assigned to n 
individual substitution boxes ; (b) partially encrypting the n sub-blocks 
by assigning each of the n sub-blocks to one of n substitution boxes 
;(c) reassembling the partially encrypted n sub-blocks into an m-bit 
block; (d) selecting... 
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Data enciphering system for computer - supplying successive data words to 
cipher circuit where each word is consecutively modified several times 
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Alerting Abstract ep a 

The system enciphers all data words of e.g. 16 bits to be stored into a 
computer using a product cipher circuit includes alternately one from 
several permutation boxes (1-1 to 1-11) and one from a number of 
substitution boxes (1-12 to 1-51) each box being under the control of a 
specific part of a key. 

The data words are enciphered in whole and the system can be regarded as 
a delay line. The data words can be combined with storage sector-specific 
coding words and with a key entered on an input device (2). 

ADVANTAGE - Does not cause any delay that is noticeable to user. @(8pp 
Dwg. No. 1/1)@ 

Equivalent Alerting Abstract us A 

The method involves enciphering data words of a word width of n bits, in 
particular data words to be written in a computer storage. A product cipher 
circuit has alternately one from a number of permutation boxes with n 
inputs and n outputs and one from a plurality of substitution boxes 
with n inputs and n outputs. Each of these boxes is under the control of a 
specific part of an m-bits key. in the product cipher circuit the data 



words are consecutively enciphered in whole and the enciphering device can 
be regarded as a delay line. 

The data words to be enciphered can be combined with coding words which 
depend on the specific sector of the computer storage, in particular a hard 
storage disk unit, where the data words are stored. The sector-specific 
coding words and/or the m-bits key can be combined with a key to be entered 
by a user. 

USE - E.g for data storage in computer memory. 
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Alerting Abstract ...from several permutation boxes (1-1 to 1-11) and one 
from a number of substitution boxes (1-12 to 1-51) each box being under 
the control of a specific part... 

Equivalent Alerting Abstract ...of permutation boxes with n inputs and n 
outputs and one from a plurality of substitution boxes with n inputs 
and n outputs. Each of these boxes is under the control of... 
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Original Abstracts: 

...of permutation boxes with n inputs and n outputs and one from a 
plurality of substitution boxes with n inputs and n outputs, each of 
these boxes being under the control of... 

...of permutation boxes with n inputs and n outputs and one from a 
plurality of substitution boxes with n inputs and n outputs, each of 
these boxes being under the control of... 
Cl ai ms: 

...of permutation boxes with n inputs and n outputs and one from a 
plurality of substitution boxes with n inputs and n output, each of 
said permutation and substitution boxes being under the control of a 
specific part of the m-bit key, wherein each... 

...words is permuted or substituted only once by each respective one of 
said permutation and substitution boxes and n and m are pre-defined 
integers; a modulo 2 adder wherein a first... 

...of the deciphered n-bit words produced by said product cipher circuit 
with a next successive one of said enciphered n- bit data words to 
be deciphered in order to yield a current corresponding one of the 
deciphered. . . 
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Message generation method for water marking applications, involves 
encrypting signature with common key and stenographically embedding 
encrypted signature in medium like printed or electronic objects 
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original Abstracts: 

...objects, audio and video), in one implementation, a message includes a 
first portion and a second portion . The first portion includes a 
first message and a first checksum, which are encrypted with a private 
key. The encrypted first portion is combined with the second portion . 
The second portion includes a second message and as second checksum. 
The combined encrypted first portion and the second portion form a 
signature. The signature is encrypted with a common or universal key, 
perhaps after error correction coding. The private key is... 

...objects, audio and video), in one implementation, a message includes a 
first portion and a second portion . The first portion includes a 
first message and a first checksum, which are encrypted with a private 
key. The encrypted first portion is combined with the second portion . 
The second portion includes a second message and as second checksum. 
The combined encrypted first portion and the second portion form a 
signature. The signature is encrypted with a common or universal key, 
perhaps after error correction coding. The private key is... 
Cl aims: 

...A message generating method comprising: receiving a first message portion 
comprising a first checksum associated therewith ; encrypting the first 
message portion with a private key ; receiving a second message portion 
comprising a second checksum associated therewith; combining the encrypted 
first message portion with the second message portion to yield a 
signature ;encrypting the signature with a common key; 
andsteganographically embedding the encrypted signature in media. 
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Transmitter for communication system, has encrypting unit to encrypt 
first portion and first part of second portion of message package 
provided by message package provider, with second part of second 
portion used as encrypting key 
patent Assignee: trw INC (THOP) 
inventor: ALRABADY A I; JUZSWIK D L 
Patent Family (1 patents, 1 countries) 
Patent Appl i cati on 
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Transmitter for communication system, has encrypting unit to encrypt 
first portion and first part of second portion of message package 
provided by message package provider, with second part of second 
portion used as encrypting key 

...novelty - An encrypting unit encrypts the first portion and the 
first part of the second portion of a message package provided by a 
message package provider, with the second part of the second portion 
used as an encrypting key. An output unit outputs a signal to convey the 
encrypted first portion and encrypted first part of the second 
portion of the message package. 

Original Publication Data by Authority 



Original Abstracts: 

...has a portion ( b 28 /b ) of a transmitter controller ( b 14 /b ) that 
provides a message package. An encryption portion ( b 36 /b ) of the 
controller ( b 14 /b ) encrypts a first fraction of the message 
package (e.g., a first portion of the message package and a first part 
of a second portion of the message package) using a second fraction of 
the message package (e.g., a second part of the second portion of the 
message package) as an encryption key. Transmitter components ( b 32 
/b and b 34 /b ) output a signal ( b 18 /b ) that conveys the encrypted 
first fraction of the message package. Receiver components ( b 56 
/b and b 58 /b ) receive the signal ( b 18 /b ) . A decryption portion 
( b 60 /b ) of . . . 
Claims: 

...is claimed: 4. A communication system comprising: means for providing 
a message package; means for encrypting a first fraction of the 
message package using a second fraction of the message package as an 
encryption key; means for outputting a signal that conveys the encrypted 
first fraction of the message package; means for receiving the signal; 
means for decrypting the signal using a decryption key... 

...for encrypting the first portion and the first part of the second 
portion using the second part of the second portion as the 
encryption key, said means for outputting includes means for outputting the 
signal to convey the encrypted first portion and the encrypted first 
part of the second portion , and said means for reassembling includes 
means for assembling the second portion of the message package using 
the decryption key as the second part of the second portion of the 
message package, wherein said means for providing the message... 
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Message transmission method for television, involves encrypting two 

portions of message such that one portion is encrypted with high level 

and another portion of message is not encrypted or encrypted with 

low encryption level 
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Message transmission method for television, involves encrypting two 
portions of message such that one portion is encrypted with high level 
and another portion of message is not encrypted or encrypted with 
low encryption level 

...novelty - The one portions of message to be transmitted to 
receiver is encrypted with high encryption level and another portion 
of message is not encrypted or encrypted with low encryption 
level, in order to output to receiver. 

Original Publication Data by Authority 



Original Abstracts: 

Particular portions of a message receive strong encryption while 
other parts of the message are less strongly encrypted or even 
unencrypted, resulting in a differentially encrypted data set. The data 
set is transmitted to a receiving end where it may be... 
Claims: 

...method of securely transmitting a message to a receiving device, 
comprising the steps of: (a) encrypting a first part of said message 
with a first level of encryption to produce a first message portion; (b) 
processing a second part of said message with a second level of 
encryption to produce a second message portion , with the second level 
of encryption selected from the group consisting of: (i) no encryption, 
and (ii) a level of encryption... 
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Server-implemented message delivery method for electronic messaging, by 
encrypting at least first portion of message using split encryption key, 
and providing first key portion of split encryption key to another server 
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...novelty - The method involves, in a server (110), receiving, from 
another server, a request to encrypt at least a first portion of a 
message (70), generating a split encryption key comprising at least a 
first key portion and a second key portion , encrypting at least the 
first portion of the message using the split encryption key, and 
providing the first key portion to the other server. 
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original Abstracts: 

An enterprise-based system includes a storage server equipped to generate a 
split encryption key having at least a first key portion and a second 
key portion , that is used by the storage server to encrypt at least a 
portion of a message . Additionally, the first key portion of the split 
encryption key is retained by the storage server, while the second key 
portion of the split encryption key is delivered to a message routing 
server and is discarded from the storage server... 

...An enterprise-based system includes a storage server equipped to 
generate a split encryption key having at least a first key portion and a 
second key portion , that is used by the storage server to encrypt at 
least a portion of a message . Additionally, the first key portion of 
the split encryption key is retained by the storage server, while the 
second key portion of the split encryption key is delivered to a 
message routing server and is discarded from the storage server... 

...An enterprise-based system includes a storage server equipped to 
generate a split encryption key having at least a first key portion and a 
second key portion , that is used by the storage server to encrypt at 
least a portion of a message . Additionally, the first key portion of 
the split encryption key is retained by the storage server, while the 
second key portion of the split encryption key is delivered to a 
message routing server and is discarded from the storage server... 
cl aims: 

...in a storage server, a method comprising: receiving from a second server, 
a request to encrypt a message; generating a split encryption key 
comprising at least a first key portion and a second key portion ; 
encrypting at least the first portion of the message using the split 
encryption key ; providing the first key portion to the second server; 
anddiscarding first key portion... 
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Secure message storage and sender-based notification generation for data 
processing, By generating message specific token comprising one or more 
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...NOVELTY - The first portion of a message is stored on a server, and the 
complementary second portion of the message is stored on a client. The 
first portion of the message is encrypted and a message specific 
token comprising one or more encryption keys used to encrypt the first 
portion of the message is generated. 

Original Publication Data by Authority 

Original Abstracts: 

...to store a first portion of a message, and a client to store a 
complementary second portion of the message . The first portion of 
the message is encrypted and a message specific token comprising one or 
more encryption keys used to encrypt the first portion of the 
message is generated. The second portion of the message stored on 
the client is subsequently combined with the message-specific token to form 
a. . . 

...to store a first portion of a message, and a client to store a 
complementary second portion of the message . The first portion of 
the message is encrypted and a message specific token comprising one or 
more encryption keys used to encrypt the first portion of the 
message is generated. The second portion of the message stored on 
the client is subsequently combined with the message-specific token to form 
a. . . 
Cl aims: 

. . .comprising: storing a first portion of a message on a server, and storing 
a complementary second portion of the message on a client; encrypting 
the first portion of the message on the server, and generating a message 
specific token associated with the encrypted first portion of the 
message , the message-specific token comprising one or more encryption 
keys used to encrypt the first portion of the message ; combining the 
second portion of the message stored on the client with the 
message-specific token to form a partially secured message... 
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...and at least one further message section. At least one of the message 
sections is encrypted in such a way asto be decryptable independently of 
the other message sections . The encrypted message is assembled by 
adding a resynchronisation marker, separating a message section from an 
adjacentmessage section. . . 

...first and at least one further message section. At least one of the 
message sections is encrypted in such a way as to be decryptable 
independently of the other message sections. The encrypted message 
is assembled by adding a resynchronisation marker, separating a message 
section from an adjacent message section and including explicit 
synchronisation information, to at "least the further message sections... 

...first and at least one further message section. At least one of the 
message sections is encrypted in such a way asto be decryptable 
independently of the other message sections. The encrypted message 
is assembled by adding a resynchronisation marker, separating a message 
section from an adjacentmessage... 
Cl aims: 

...the message sections is encrypted in such a way as to be decryptable 
independently of the other message sections, and wherein the 
encrypted message is assembled by adding a resynchronisation marker, 
separating a message section from an adjacent message section and 
including explicit synchronisation information, to at least the further 
message sections. 
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...to form a cypher key stream the characters of which are used in sequence 
to encrypt or decrypt successive characters (or elements ) of a 
message . 



...to form a cypher key stream the characters of which are used in sequence 
to encrypt or decrypt successive characters (or elements ) of a 
message . 
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Title: Selective encryption for H.264/AVC video coding 

Author: Shi, Tuo; King, Brian; Salama, Paul 

Corporate Source: video and Image Processing, Analysis, and 
Communications (VIPAC) Lab Department of Electrical and Computer 
Engineering Indiana University - Purdue University, Indianapolis, 
Indianapolis, IN 46202, United States 

Conference Title: Security, Steganography , and Watermarking of Multimedia 
Contents VIII 

Conference Location: San Jose, CA, united States Conference Date: 
20060116-20060119 

Sponsor: Society for Imaging Science and Technology, IS and T; SPIE 
E.I. Conference No.: 67030 

Source: Proceedings of SPIE - The International Society for Optical 
Engineering Security, Steganography, and watermarking of Multimedia 
Contents VIII - Proceedings of SPIE-IS and T Electronic imaging v 6072 
2006. 

Publication Year: 2006 
CODEN: PSISDG ISSN: 0277-786X 
Article Number: 607217 
Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 0604W4 

Abstract: Due to the ease with which digital data can be manipulated and 
due to the ongoing advancements that have brought us closer to pervasive 
computing, the secure delivery of video and images has become a 
challenging problem. Despite the advantages and opportunities that digital 
video provide, illegal copying and distribution as well as plagiarism of 
digital audio, images, and video is still ongoing. In this paper we 
describe two techniques for securing H.264 coded video streams. The first 
technique, SEH264Algori thml , groups the data into the following blocks of 
data: (1) a block that contains the sequence parameter set and the picture 
parameter set, (2) a block containing a compressed intra coded frame, (3) 
a block containing the slice header of a P slice, all the headers of the 
macroblock within the same P slice, and all the luma and chroma DC 
coefficients belonging to the all the macroblocks within the same slice, 
(4) a block containing all the ac coefficients, and (5) a block containing 
all the motion vectors. The first three are encrypted whereas the last 
two are not. The second method, SEH264Algori thm2 , relies on the use of 
multiple slices per coded frame. The algorithm searches the compressed 
video sequence for start codes (0x000001) and then encrypts the next N 
bits of data . copy 2006 spie-is&t. 17 Refs. 

Descriptors: ^Cryptography ; image coding; Data reduction; Image analysis; 
Copyrights; Algorithms; Parameter estimation; Set theory 

Identifiers: Selective Encryption; Partial Encryption; H.264/AVC 
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Software, Data Handling & Applications); 902 (Engineering Graphics; 
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Title: Speech encryption system with a low bit rate coding algorithm for 
analogue transmission line 

Author: Chisaki, Yoshifumi; Morinaga, Haruki ; Kitajima, Katsutoshi ; Koba, 
Mitsuhiro; Usagawa, Tsuyoshi 

Corporate Source: Department of Computer Science Faculty of Engineering 
Kumamoto university, Kumamoto, 860-8555, Japan 

Source: Acoustical Science and Technology v 26 n 4 July 2005. p 371-373 

Publication Year: 2005 

CODEN: ASTCDS ISSN: 1346-3969 

Language: English 

Document Type: JA; (Journal Article) Treatment: T; (Theoretical) 
Journal Announcement: 0508W4 

Abstract: A speech encryption system with a low bit rate coding algorithm 
for analogue transmission was proposed. Six encryption keys were 
introduced to three different blocks to protect speech information . 
The signal generated by the coding block was encrypted and the encrypted 
signal was modulated with the synchronization sequence decided by 
encryption key. It was found that the encrypted signal can be passed 
though the analogue transmission line and used for an analogue storage 
such as tape recorder. (Edited abstract) 3 Refs. 

Descriptors: ^Cryptography ; Speech; Signal encoding; Algorithms; Block 
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Source: Proceedings of the ACM Workshop on XML Security 2003. 
Publication Year: 2003 
ISBN: 1581136323 
Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 0310W4 

Abstract: This paper describes an alternative encryption method for XML 
which is capable to encrypt single XML Information Set items. It is able 
to hide the size and the existence of encrypted contents. As a result, it 
prevents a 'traffic analysis 1 , i.e. it's analogous counterpart for 
documents, in 2001, the w3C launched the xml Encryption working group 
which, among other things, defined how to encrypt portions of xml 



documents . The portion must always be a subtree or a consecutive sequence 
of sub-trees. On the other hand, XML Access Control allows more granular 
restrictions on what portions on an XML document a client is allowed to 
see: XML Access Control can remove an ancestor node from a document while 
leaving a descendant node in the document. This paper describes an 
encryption system which allows to have these 'deep children 1 in plaintext 
while having the ancestors encrypted, i.e. bringing the property from XML 
Access Control to XML Encryption. 9 Refs. 

Descriptors: *XML; Cryptography; Data structures; Telecommunication 
traffic; Security of data; Information services 

Identifiers: Data padding 

Classification Codes: 

723.2 (Data Processing); 903.4 (Information Services) 
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SECURITY ASPECTS OF SUBSTITUTION- PERMUTATION ENCRYPTION NETWORKS 
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Year: 1998 

Corporate Source/Institution: QUEEN'S UNIVERSITY AT KINGSTON (CANADA) ( 
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Adviser: STAFFORD TANARES 
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ISBN: 0-612-36013-X 

This thesis investigates some security aspects of basic 
substitution-permutation encryption networks (SPNs) . Compared to other 
block ciphers, spns have many desirable and predictable cryptographic 
properties which are very useful for the design and analysis of 
cryptosystems. 

We start with an estimate and upper bound on the nonlinearity 
distribution of s - boxes which shows that low nonlinearities are very 
unlikely for large s - boxes . This further confirms the statement that 
large s - boxes have better cryptographic properties. In addition, we use 
statistical methods to measure the distance between SPNs and the ideal 
cipher. Based on the experimental results on XOR table distributions and 
supported by the results on nonlinearity, we show that SPNs converge to the 
ideal cipher with an increasing number of rounds, we also present a new 
differential -li ke attack which is easy to implement and outperforms the 
classical differential crypt-analysis on the basic SPN structure. In 
particular, it is shown that 64-bit SPNs with 8 x 8 s - boxes are 
resistant to our attack after 12 rounds. From the attack, it can be seen 
that the number of active s - boxes is very important. For a secure SPN, 
it is necessary to make the number of active s - boxes in the last round 
independent of the number of active s - boxes in previous rounds. In this 
respect, it is found that the number of active s - boxes in the last 
round becomes independent of the number of active s - boxes in the first 
round for basic SPNs with an increasing number of rounds. These experiments 
and the analytical results may be regarded as some evidence towards 
provable security for SPN cryptosystems. 
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Abstract: XML (Extensible Markup Language) has emerged as a prevalent 
standard for document representation and exchange on the web. It is often 
the case that XML documents contain information of different sensitivity 
degrees that must be selectively shared by (possibly large) user 
communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. 
Mechanisms are also required enabling a secure and selective dissemination 
of documents to users, according to the authorizations that these users 
have, in this article, we make several contributions to the problem of 
secure and selective dissemination of XML documents. First, we define a 
formal model of access control policies for XML documents. Policies that 
can be defined in our model take into account both user profiles, and 
document contents and structures, we also propose an approach, based on an 
extension of the Cryptolope TM approach (Gladney and Lotspiech (1997)), 
which essentially allows one to send the same document to all users, and 
yet to enforce the stated access control policies. Our approach consists of 
encrypting different portions of the same document according to 
different encryption keys, and selectively distributing these keys to the 
various users according to the access control policies, we show that the 
number of encryption keys that have to be generated under our approach is 
minimal and we present an architecture to support document distribution. ( 
25 Refs) 
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Set Items Description 

51 30669 SBOX OR SBOXES OR (S OR SUBSTITUTI???) (lW) (BOX OR BOXES) OR 

SUBSTITUTION ()TABLE? ? 

52 27341953 GOOD? ? OR ASSET? ? OR OBJECT? ? OR DATA OR INFORMATION OR 

CONTENT? ? OR FILE? ? OR DOCUMENT? ? OR ITEM? ? OR RECORD? ? - 
OR ARTICLE? ? 

53 4059528 IMAGE? ? OR GRAPHIC? ? OR PICTURE? ? OR PHOTO? ? OR PHOTOG- 

RAPH? ? OR JPEG OR JPG OR TIFF OR BITMAP 

54 7366934 MP3? ? OR MUSIC OR SONG? ? OR AUDIO OR NOISE OR MPEG OR QU- 

ICKTIME OR MOVIE? ? OR VIDEO? ? OR MPEG? ? OR FILM? ? OR MULT- 
IMEDIA OR MEDIA 

55 3747096 WEBPAGE? ? OR PAGE? ? OR TEMPLATE? ? OR CODE? ? 

56 686504 (PART OR PARTS OR PORTION? ? OR FRAGMENT? ? OR SECTION? ? - 

OR SEGMENT? ? OR FRACTION? ? OR ASPECT? ? OR BLOCK? ? OR ELEM- 
ENT? ? OR ZONE? ? OR REGION? ? OR BYTE? ? OR BIT OR BITS)(3W)- 
S2:S5 

57 41185 (DIFFERENT OR SEPARATE OR ANOTHER OR OTHER OR RELATED OR N- 

EIGHBOR? OR ADJACENT OR SUBSEQUENT OR SUCCEEDING OR SUCCESSIVE 
OR CONSECUTIVE OR NEXT OR CONTIGUOUS OR BORDERING OR ADJOINI- 
NG OR SECOND??? OR 2ND)(5W)S6 

58 371455 ENCRYPT? OR ENCIPHER? OR ENCYPHER? OR SCRAMBL? 

59 68 S8(5N)S7 

510 0 SI AND S9 

511 38 S1(100N)S6(100N)S8 

512 26 RD (unique items) 
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activities. Using the new algorithm, companies can build and deploy 
standalone products such as link encryptors . The same is true of 
cryptographically agile products using protocols such as iPSec that can... 

...the National Bureau of Standards (NBS, the precursor to NIST) began its 
search for the encryption algorithm that became DES. The NBS relied on 
the National Security Agency (NSA, www.nsa.gov) to analyze the proposed 
standard. IBM submitted an encryption algorithm, Lucifer, as a candidate. 
The NSA recommended two changes, which the NBS accepted before... 

...most attackers, costs were falling steadily, and Moore's Law meant that 
a 56-bit encryption key wouldn't last long. 

The second NSA-proposed change was to the algorithm' s S - boxes . 
These tables described how the algorithm would substitute one set of bits 
for another, des encrypts data by shuffling it around and substituting 
groups of bits according to the contents of the S - boxes , repeating this 
process 16 times. Each repetition is called a round. 

However, some observers feared that changes to S - boxes could 
introduce a trap door, allowing an attacker to decrypt DES messages without 
testing all . . . 

...fuel suspicions, nsa instructed IBM not to describe the criteria it used 
to design the S - boxes . 

while worries about key size have come true, worries about DES's 
basic design haven... 

...machine had dropped tenfold. In 1997, a team of thousands of volunteers 
cracked a des- encrypted message by working in parallel for several 
months. And in 1998, a team sponsored by built-in constants, tables, and S 
- boxes . unlike DES, NIST wouldn't base the AES selection on classified 
and otherwise unpublishable analyses... 



12/3 f K/2 (Item 2 from file: 275) 

DIALOG (R) Fi 1 e 275: Gale Group Computer DB(TM) 
(c) 2006 The Gale Group. All rts. reserv. 

01977762 SUPPLIER NUMBER: 18624712 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Overload of bugs hampers Remote Desktop beta. (McAfee Associates Inc's 
Remote Desktop 2.0 remote-access beta software) (PC week Netweek) 
(software Revi ew) (Eval uation) 

Phillips, Ken 

PC week, vl3, n34, pNl(3) 

August 26, 1996 

DOCUMENT TYPE: Evaluation ISSN: 0740-1604 LANGUAGE: English 

RECORD type: Full text; Abstract 
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chat feature is enabled when a connection is made, but on one 
occasion the agent' s chat box got out of sync with the controller, 
losing a character, and on another we mistakenly typed in the other PC 1 s 



chat box by remote control and confused the connection, forcing a 
disconnect. McAfee is investigating these bugs... 

...the fonts unreadable. The thumbnail sketches of remote windows were also 
useful . 

Remote Desktop includes encryption capability for keystrokes only 
and not for video data or file transfers. At press time, McAfee hadn't 
decided which encryption algorithm to use, but 40- bit Data 
Encryption standard was included in our beta copy and would seem a likely 
choice, since it . . . 
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the left block in the next round of the algorithm. The right block 
is then encrypted with the ciphering function and XORd with the left 
block to form the right block... 

...Bits 1 to 4 give the column number. The numbers looked up in the S- box 
convert to 4-bit numbers in binary notation. The eight 4-bit blocks are 
then combined to give the required 32-bit block. Since the number selected 
from the S - box depends on all the bits in the 6-bit block the process 
will be reversible... 

...XORd with the left block as shown in Figure 4. 

There are 16 rounds of enci pherment with the 16 different keys. 
Finally, the inverse of the initial permutation is applied to... 

...user must make a positive decision (by pressing the Y key) to continue 
with the encryption . 

If the decision is to continue, the list of 16 keys is generated from 
the... to be permuted directly into the keylist in the form of a 16 by 48- 
bit array. 

The input file is then reopened for binary read and write and the 
function crypt. . . 

...it (int *keys) used to encrypt the file, 8 characters at a time. The 
various bitwise manipulations can be handled directly... 

...with array element values of 0 or 1. The binary/decimal conversions 
needed for the S - boxes are handled with look-up tables. The final 
conversion of bit arrays to ASCII codes is also handled with a look-up 
table. 

It is important not to leave any... 

...which could be accessed using toolkits or otherwise. It is also worth 
checking that the encryption has proceeded satisfactorily before 
overwriting the original file. SID first loads the encrypted file into a 
temporary file, it then checks that the original and temporary files are of 
the same length. If they are, it copies the encrypted file on top of the 
original file, overwrites the temporary file with garbage and then... 

...unchanged and reports the problem to the user, with the Microsoft C 



compiler, SID will encrypt or decrypt at around 1 KB/sec on a 386 PC. 
To decrypt, all you... 
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The 802. lli Counter mode/CBC-MAC Protocol (CCMP) offers encryption 
and message authentication based on the Advanced Encryption Standard 
(aes). CCMP uses the Counter mode (CTR) in aes for data encryption and 
the Cipher Block Chaining-Message Authentication Code (CBC-MAC) in AES 
for message integrity. 

vocal's CCMP hardware engine comes in two... 

...integrated 802. lli and a general AES hardware core that supports CTR and 
CBC-MAC encryption modes that can be integrated easily into an embedded 
processor. 

For an 802. lli solution, the target rate of 54 Mbps requires 
approximately 27k gates (9K logic, 4K RAM, 14K SBOX ROMS). The stream is 
encrypted or decrypted at 6.4 bits per cycle which requires -8.5 million 
MIPS processor. . . 
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time alerts in one simple, cost-effective package. Secure's 
SoftRemote vpn client provides an encrypted connection for their remote 
users via the Internet without costly dial-up or leased lines... 

...the Sidewinder G2 and SoftRemote firewall/VPN combination secure MSlLM's 
inbound traffic, Secure Computing' s On- Box SmartFilter feature enables 
them to build and enforce their outbound web-usage policy at the same time. 
SmartFilter 1 s On- Box technology allows them to run web access filtering 
directly on the Sidewinder G2 Firewall, saving... 

...List, updated continuously, accurately categorizes millions of web sites 
into content groups, enabling msilm to block objectionable web content 
and prevent the downloading of MP3 and executable files that are not work 
rel ated . Ext remel y . . . 
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be required to improve security. The block size of AES is 128 bits. 
The proposed encryption algorithm camellia adopts has a block size of 128 
bits and key sizes of 128... 

...per second, which is more than twice the speed of DES. 

Moreover, the substitution tables ( s - boxes ) are designed to be 
suitable for small hardware. The key schedule can share a part of data 
randomizing and the memory requirement for subkeys is reduced. As a result, 
Camellia encryption hardware... 

...SC 27 and are aiming at adoption as a international standard. 
Notes: 

(1) Symmetric-key encryption algorithm 

An algorithm that uses the same key for both encryption and 
decryption, widely used to quickly encrypt large quantities of data in 
messages or files. 

(2) Block size 
The size of the. . . 

...bits for a successor symmetric-key block cipher to improve security. 

(3) AES 

Literally "Advanced Encryption Standard." NIST is seeking to 
establish a successor symmetric-key block cipher to DES by 2001. 

(4) DES 

Literally "Data Encryption Standard." A symmetric-key encryption 
algorithm designated as the standard for encryption by the National 
Bureau of Standards (now NIST) in 1977. Still widely used for encrypting 
data sent between banks. 

(5) Key length 

Determines the total number of available keys. For... cipher 
There are two kinds of symmetric-key encryption algorithm: block 
ciphers and stream ciphers. Block ciphers bundle data into blocks of a 
certain length and encrypt each block . Stream ciphers encrypt data bit 
by bit. 

(8) Differential cryptanalysis and linear cryptanalysis 
Currently, these techniques are the most... 
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private key generated by the encoder is sent via an Entitlement 
Control Message (ECM) as part of the MPEG stream. This key can be 
changed as often as the user desires, even changing several part of the 



MPEG stream, when a scrambled MPEG signal is received by a conditional 
access decoder, the box first checks the EMM... 

...interest to you the DTV broadcaster? First, you should know that, 
technically speaking, you can scramble some or all of your dtv 
transmissions. Second, you can use either relatively simple fixed-key 
scrambling where everyone with a box is able to decode your signal, or you 
can use variable-key scrambling , giving you the capability of addressing 
each subscriber 1 s box individually. Third, if you opt for a 
variable-key system, you will need to create. . .good. We will use smart 
cards, and one smart card will plug into another vendor 1 s box . The ATSC 
standard specifies the scrambling method to be used as the DVD Common 
Scrambling Method, or Si mul crypt. Sounds good to me - we will use a common 
scrambling approach. However, that is as far as it goes, 
where does this leave us? If... 
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private key generated by the encoder is sent via an Entitlement 
Control Message (ECM) as part of the MPEG stream. This key can be 
changed as often as the user desires, even changing several... 

...this information is encoded in an Entitlement Management Message (EMM), 
which also is sent as part of the MPEG stream, when a scrambled MPEG 
signal is received by a conditional -access decoder, the box first checks 
the EMM. . . 

...broadcaster, you should know that, technically speaking, some or all of 
dtv transmissions can be scrambled . Simple fixed- key scrambling can be 
used, either relatively, where everyone with a box is able to decode the 
signal, or variable-key scrambling can give you the capability of 
addressing each subscriber 1 s box individually, if you opt for a 
variable-key system, you will need to create and... good. We will use smart 
cards, and one smart card will plug into another vendor 1 s box . The ATSC 
standard also specifies the scrambling method to be used as the DVD 
Common Scrambling Method, or si mul crypt. Sounds good to me; we will use a 
common scrambling approach. However, that is as far as it goes, 
where does this leave us? if... 
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be required to improve security. The block size of AES is 128 bits. 
The proposed encryption algorithm Camellia adopts ...second, which is 
more than twice the speed of DES. 

Moreover, the substitution tables (s- boxes ) are designed to be 
suitable for small hardware. The key schedule can share a part of data 
randomizing and the memory requirement for subkeys is reduced. 

As a result, Camellia encryption hardware achieves a size of 
approximately lOKgates, which is in the smallest class in the...SC 27 and 
are aiming at adoption as a international standard. 

Notes 

*1 Symmetric-key encryption algorithm An algorithm that uses the 
same key for both encryption and decryption, widely used to quickly 
encrypt large quantities of data in messages or files. 

*2 Block size The size of the 3 AES Literally "Advanced Encryption 
Standard.' 1 nist is seeking to establish a successor symmetric-key block 
cipher to DES by 2001. 

*4 DES Literally "Data Encryption Standard." A symmetric-key 
encryption algorithm designated as the standard for encryption by the 
National Bureau of Standards (now NIST) in 1977. Still widely used for 
encrypting data sent between banks. 

*5 Key length Determines the total number of available keys. For... 
cipher There are two kinds of symmetric-key encryption algorithm: block 
ciphers and stream ciphers. Block ciphers bundle data into blocks of a 
certain length and encrypt each block . Stream ciphers encrypt data bit 
by bit. 

*8 Differential cryptanalysis and linear cryptanalysis Currently, 
these techniques are the most... 



12/3.K/10 (Item 1 from file: 16) 

dialog (R) File 16: Gale Group promt(r) 
(c) 2006 The Gale Group. Al 1 rts. reserv. 

12483785 Supplier Number: 135417838 (USE FORMAT 7 FOR FULLTEXT) 
who's minding the data store? Experts say encryption is a good idea for 
sensitive data at rest . . . and on the move. 

Network World, p42 
August 15, 2005 

Language: English Record Type: Full text 
Document Type: Magazine/Journal; General Trade 
word Count: 1523 

of Medicare patient data shipped on standard IBM cartridges. These 
updates represent an additional 18G bytes of data 

to be added to the CECS Medicare data collection, which totals more 
than 7T bytes. 

Because the data includes sensitive personal and healthcare 
information, it naturally falls under the Health insurance Portability 
and. . . 

...at protecting the privacy of medical records. This is the main reason 
Fusca looked 

at encryption with security vendor Decru, which has since been 
acquired by Network Appliance . Given the nearly... 
... mi 11 i on 

that the center had received for ongoing research involving the 
data, Fusca says his encryption costs, which he estimated 
at about $75,000, were well worth the investment. 
Once the. . . 

...data passes through a cluster of Decru 

DataFort E-series appliances, where it is subsequently encrypted . 
Thus, CECS can maintain a fully encrypted library of more 

than 7T bytes of Medicare data on tape. Fusca and his team have 



also designed the CECS architecture, which includes Network 

Appliance network storage, to take advantage of DataFort's combined 
access controls, authentication and encryption capabilities. 

"Data now flows all through the system, encrypted up until the 
time it comes out on the user 1 s Linux box ," Fusca says. 'The 

process is totally transparent to the users, and there is no lag 
time in the processing of the data to their screen." 

Fusca favors hardware-based encryption , largely because of his 
prior experiences with software-based approaches. "We'd been 

through all those games before (with software-based encryption ) f 
and thought there had to be a better way to do encryption ," 

Fusca says. He was referring to prior challenges managing 
encryption keys, the ongoing risk of keys being compromised, and 

the difficulty of synchronizing clients to... 

. . .latest version. 

Canadian accounting firm RSM Richter decided to use Application 

Security's DBEncrypt to encrypt a few SQL Server database 

fields in its Microsoft Great Plains software-based human resources 
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as ciphertext. There are essentially three components to the DES 
algorithm, to encipher a 64- bit data block, the DES algorithm performs 
the following functions (Fig. 1): 
1. Initial permutation (IP) 



. . .one clock cycle. 

Sixteen iterations of this instruction would almost complete a 
64-bit DES encryption routine. Additional instructions would perform the 
initial and final permutations on the data block and... 
...algorithm is a bit-level permutation function often referred to as the 
switch-box or S - box function. By sequentially executing 16 iterations 
of this function, the algorithm encrypts a 64- bit block of data 
based on a 56-bit private key. It's difficult to implement the S - box 
permutation function with the logical operators typically found in 
general -purpose processors. The CPU must... 

...analyzing the DES software, two counts of the processor cycles required 
for each stage of encryption were tabulated. The first (smaller) 
cycle-count number is for a processor with a barrel... 

...32-bit reads from memory for every DES round — one for each of the eight 
S - box substitutions, and two to read the successively rotated 56-bit key 
from the 16-entry schedule. Because the data stream is effectively 
little-endian and the encryption algorithm is big-endian, the processor 
must swap the bytes while reading from and writing... 



.custom extension registers and four custom instructions: 



* Registers L and R would hold the 64- bit data block. 

* Registers C and D would hold the 56-bit (2 x 28) key. 

* Instruction. . . 
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chat feature is enabled when a connection is made, but on one 
occasion the agent 1 s chat box got out of sync with the controller, 
losing a character, and on another we mistakenly typed in the other PC 1 s 
chat box by remote control and confused the connection, forcing a 
disconnect. McAfee is investigating these bugs... 

...the fonts unreadable. The thumbnail sketches of remote windows were also 
useful . 

Remote Desktop includes encryption capability for keystrokes only 
and not for video data or file transfers. At press time, McAfee hadn't 
decided which encryption algorithm to use, but 40- bit Data 
Encryption Standard was included in our beta copy and would seem a likely 
choice, since it . . . 
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because a DRC does not store any of the user's session keys or 
private encryption keys, and is never given copies of messages sent. 
If this is sounding complicated, consider... 

...listed for sale. Now imagine a "lock box" on the "front door" of every 
message encrypted by a user, with a spare copy of the session key inside, 
and with the. . . 

...also that the lock box can easily be locked by the user, but only the 
encrypted messages use the "front lock box" with their own private 
encryption keys. The lock box remains unused until someone loses his/her 
keys, whoever lost the... 

...set of lock box keys, plus the list of people and corporations using 
that DRC 1 s lock box services. 

The advantage to this technology is that no one needs to escrow his 
private. . . 

...conventional private key escrow proposals, which require users to send a 



copy of their personal encryption key(s) to a central location, such as 
in a bank or other pubic escrow... 

...of applications and computer platforms, unlike ad hoc 
application-specific schemes. 

Standard RSA public key encryption technology is used for 
authentication of DRC's and escrowing of session keys, but only... 

...which can then be used to decrypt the message. This technology provides 
backup recovery of encrypted messages or files for users who have lost or 
damaged their keys, corporations who have... 

...version 3.2, which provides a Global virtual Private Network (GVPN) by 
using the 56- bit Data Encryption Standard (DES) to encrypt the internet 
Protocol layer of the communications stream among firewalls... 
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this way, the job can get started before the CSR even arrives in 
the morning." 

PART OF THE BIG PICTURE 
File transfer is but one part of a larger chain for printers, says 
Janice Reese. . . 

...Direct IP, a content distribution server — which many prepress pundits 
refer to as wamiNet' s "purple box "--sits at the customer's site, 
communicating over the Tatter's existing internet connection to wamlNet's 
private network using an encrypted tunnel. Two other WamiNet services, 
Direct and Direct dv, also offer different types of... 
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Encryption standard is gaining steam as a stronger alternative to the 
Data Encryption standard. Next-generation applications will go beyond 
secure networking protocols to include smart cards and 
electronic-media-content protection, (how it works). 
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ISSN: 0012-7515 LANGUAGE: English RECORD TYPE: Full text 

WORD COUNT: 2080 LINE COUNT: 00178 

increasing key sizes not only offer a larger number of bits with 
which you can scramble the data, but also increase the complexity of the 
cipher algorithm. 

The AES algorithm repeats its core a number of times, depending on 



the encryption -key size. Just like des, the AES algorithm refers to these 
loop repetitions as "rounds . . .contain a variable number of rounds, 
depending on the key size. 

* Cipher text is the encrypted data. 

* Plain text is the original unencrypted data. 

* The AES algorithm expands the 128- , 192... 

...bit key. The total size of the key schedule depends on the key size. 

* An S - box , or substitution box , is a look-up table. 

EXPANDING INTO A KEY SCHEDULE 

The AES algorithm expands the initial encryption key into a ... 
are as follows: 

* the "key" is stored as an array of bytes and contains the 
encryption key; 

* "key . . .bytes; 

* "SubWordO" is a byte-by-byte substitution of a 32-bit word using 
the S - box look-up table; and 

* "Rcon(i) M is a look-up-table value that the word... 
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San Francisco, CA. 

(C.) Herre, 3urgen, and Christian Neubauer, "Audio watermarking of 
mpeg-2 aac bit streams, " 108th Audio Engineering Society Convention, 
Feb 19 to 22, 2000, Paris. 

(D.) Allamanche, Eric, and Jurgen Herre, "Compatible scrambling of 
compressed audio," Proceeds of the 1999 IEEE Workshop on Applications of 
Signal Processing to... 

. . .Paltz, NY. 

(E.) Allamanche, Eric, and Jurgen Herre "Secure delivery of 
compressed audio by compatible bit -stream scrambling ," 108th Audio 
Engineering Society Convention, Feb 19 to 22, 2000, Paris. 

(F.) Cravotta, Nicholas, " Encryption : more than just complex 
algorithms," EDN, March 18, 1999, pg 105. 

(G.) Schneier, Bruce, Applied... 

...Source Code in C, Second Edition, ISBN # 0471117099, John Wiley & Sons, 
1995. 

BELATEDLY CLOSING PANDORA 1 S BOX 

As Hollywood and the consumer-electronics companies drag their feet 
in finalizing the Secure Digital... 

...safeguards. Efforts under way by a number of vendors strive to retrofit 
digital media with encryption and watermarking capabilities, but legal 
restrictions and potential hardware and software incompatibilities limit 
thei r success. . . 
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Settling debts online: a new tool for E-mail ers. 
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minutes, an automated E-mail announcing, "You've got cash!" will 
arrive in your pal' s in- box . To claim the dough, the recipient 
registers at the PayPal site and chooses to transfer... 

...watchdog like TRUSTe to be sure personal data aren't sold to marketers. 
Also check encryption levels. PayPal's 40- bit encryption scrambles 
data adequately, but eMoneyMail's 128-bit standard is more secure. 
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customer information and credit card numbers. 
However, says Amer, "I'm not replacing the traditional encryption 
systems at large. They work pretty well. I'm looking for a niche where the 



...University researcher, "is that the limitations of real world physical 
devices. . .open up a Pandora 1 s box against quantum cryptographic 
systems. " 

in addition, for this technique to work, data transmission must be 
contained to short distances, which may prove impractical. Finally, some 
critics say that traditional encryption schemes do enough to protect 
information and that the incremental security improvement offered by 
quantum. . . 

...need exists, they note that supercomputers are reducing the time it 
takes to crack traditional encryption . it may not be that far into the 
future before technology will make decrypting high-strength encryption 
bits a simple task. 
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message. Many of the standards, such as S/MIME, are protocol 
definitions based on base encryption algorithms, such as DES, Triple-DES, 
and RC2 (Ri vest's Cipher). 

By far, the most widely used algorithm is DES, employing a 56-bit key 
on a 64- bit data block, it is possible, however, for a cracker to break 



a DES cipher in less. 



...to replace 56-bit DES with an algorithm using a larger key space. The 
Advanced Encryption Standard (AES) is the official successor to DES, but 
it won't be available until... 

...standard offers several modes supporting three keys per transaction, as 
opposed to one, and alternates encryption and decryption. 

In addition to standard algorithms such as DES, many proprietary 
schemes offering varying... 

...substitution devices, are available. The difference among these 
algorithms is their mathematical bases: DES uses S boxes , public-key 
encryption uses large prime numbers, and several of the next-generation 
algorithms use modified Feistel networks... 

...for their takes on such claims. 

The open/proprietary issue takes a different angle with encryption 
technologies. Certainly, you can prove an algorithm weak by breaking it, 
but no known means... 
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...TEXT: at protecting the privacy of medical records. This is the main 
reason Fusca looked at encryption with security vendor Decru, which has 
since been acquired by Network Appliance. Given the nearly... 

...million that the center had received for ongoing research involving the 
data, Fusca says his encryption costs, which he estimated at about 
$75,000, were well worth the investment. 

Once the. . . 

...data passes through a cluster of Decru DataFort E-series appliances, 
where it is subsequently encrypted . Thus, CECS can maintain a fully 
encrypted library of more than 7T bytes of Medicare data on tape. 
Fusca and his team have also designed the CECS architecture, which includes 
Network Appliance network storage, to take advantage of DataFort 1 s combined 
access controls, authentication and encryption capabilities. 

"Data now flows all through the system, encrypted up until the time it 
comes out on the user 1 s Linux box Fusca says. "The process is totally 
transparent to the users, and there is no lag time in the processing of the 
data to their screen." 

Fusca favors hardware-based encryption , largely because of his prior 
experiences with software-based approaches, "we'd been through all those 
ames before (with software-based encryption ), and thought there had to 
e a better way to do encryption ," Fusca says. He was referring to prior 
challenges managing encryption keys, the ongoing risk of keys Being 
compromised, and the difficulty of synchronizing clients to... 

. . .latest version. 

Canadian accounting firm RSM Richter decided to use Application security's 



DBEncrypt to encrypt a few SQL Server database fields in its Microsoft 
Great Plains software-based human resources... 
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...TEXT: nonlinearity. in block-structured algorithms nonlinearity is 
frequently achieved by using look-up tables called S - boxes (for 
substitution boxes ) . 

Cryptanalytic Attacks 

The most serious attacks on block-structured algorithms to date are 
differential and. . . 

...that a fixed input difference may, with high probability, generate a 
particular output difference. By encrypting pairs of plaintexts x, x' 
with prescribed bitwise difference OX = X if X , and seeing... 
...by Japanese cryptographer Mitsuru Matsui , works by finding linear 
relationships between plaintext, ciphertext, and key bits that reveal 
information about the key. 

The AES Candidates 

AES candidates were due June, 15, 1998. Of the... 

...permutation network (Serpent), and an algorithm that relies on finite 
field operations to construct the S - box (Rijndael). MARS and RC6 use 
multiplication to perform diffusion, but MARS multiplies key words by... 



12/3, K/22 (item 3 from file: 15) 

DIALOG (R) Fi 1 e 15 : ABl/inf orm(R) 

(c) 2006 ProQuest Info&Learning. All rts. reserv. 

01995038 50821338 
Conditional access for dtv 

Gilmer, Brad 

Broadcast Engineering v42n2 PP: 48-50 Feb 2000 
ISSN: 0007-1994 JRNL CODE: BRG 
WORD COUNT: 1121 

...TEXT: private key generated by the encoder is sent via an Entitlement 
Control Message (ECM) as part of the MPEG stream. This key can be 
changed as often as the user desires, even changing several... 

...this information is encoded in an Entitlement Management Message (EMM) 
which is also sent as part of the MPEG stream, when a scrambled MPEG 
signal is received by a conditional access decoder, the box first checks 
the EMM. . . 

...interest to you the DTV broadcaster? First, you should know that, 
technically speaking, you can scramble some or all of your DTV 
transmissions. Second, you can use either relatively simple fixed-key 
scrambling where everyone with a box is able to decode your signal, or you 



can use variable-key scrambling , giving you the capability of addressing 
each subscriber' s box individually. Third, if you opt for a 
variable-key system, you will need to create... 

...good. We will use smart cards, and one smart card will plug into another 
vendor 1 s box . The atsc standard specifies the scrambling method to be 
used as the dvd Common Scrambling Method, or Si mul crypt. Sounds good to 
me - we will use a common scrambling approach. However, that is as far as 
it goes. 

where does this leave us? if... 
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...TEXT: customer information and credit card numbers. 

However, says Amer, "I'm not replacing the traditional encryption systems 
at large. They work pretty well. I'm looking for a niche where the... 

...University researcher, "is that the limitations of real world physical 
devices. . .open up a Pandora' s box against quantum cryptographic 
systems. " 

in addition, for this technique to work, data transmission must be 
contained to short distances, which may prove impractical. Finally, some 
critics say that traditional encryption schemes do enough to protect 
information and that the incremental security improvement offered by 
quantum. . . 

...need exists, they note that supercomputers are reducing the time it 
takes to crack traditional encryption . it may not be that far into the 
future before technology will make decrypting nigh-strength encryption 
bits a simple task. 

(Graph Omitted) 
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...TEXT: chipsets which are designed to encrypt and decrypt messages using 
a secret military algorithm. The encryption system will be used in the 
Defense Message System. This proposal has run into controversy .. .U.S. and 
135 U.S. based cryptographic products. Many of these provide DES (Data 
Encryption Standard) and/or RSA (named for Rivest, Shamir & Adleman, the 
creators) capabilities. As well, encryption software including DES and 
RSA algorithms and the popular Pretty Good Privacy (PGP) secure message... 



. . .the world. (9) 

in 1977, the U.S. National Bureau of Standards proposed the Data 
Encryption Standard for use in unclassified U.S. government 
communications. It was developed by IBM and almost immediately was assailed 
for potential security problems. DES uses a 56 bit key to encipher 64 
bit data blocks using both permutations and substitutions to aid overall 
security. 

It was criticized on the grounds that 56 bits were not seen as providing 
adequate security and that the substitution boxes may have hidden 
trapdoors. It was argued that with this short a key, DES could... 

...and fast and can be implemented in both hardware and software. The 
hardware implementations can encrypt data at several million bits per 
second. (12) 

The RSA Scheme was developed as a public key encryption system which uses 
a modulus as the product of two large primes (i.e., more than 100 digits 
each). This allows a person to encipher a message using a public key and 
send it to another person who is able... 
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its performance to the use of a highly parallelized conversion 
algorithm. Block ciphers like Data Encryption Standard (DES) normally 
pass data sequentially through a set of permutations and substitutions 
(also referred. . . 

...as a block cipher) as many as 16 times. In each round, half the 32- bit 

block of data passes through a set of so-called S - boxes , the 
basic elements in which the substitution of data takes place. The result 
is 16. . . 

. . .encyrption and decryption. SuperCrypt, by contrast, uses only eight 
rounds in decryption and nine in encryption . 

Loadable boxes SuperCrypt is also the first commercially available 
encryption chip with loadable substitution boxes . That means it can 
easily be upgraded to accommodate future modifications in the industry 
-standard DES algorithm relating to the S - boxes . 

The chip uses two data ports and one independent security-control 
port. The two data... 
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Who's minding the data store? 

Experts say encryption is a good idea for sensitive data at rest . . . and 
on the move. 
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word Count: 1390 Line Count: 135 

Text: 

... of datato be added to the CECS Medicare data collection, which totals 
more than 7t bytes . Because the data includes sensitive personal and 
healthcare information, it naturally falls under the Health insurance 
Portabi 1 i tyand Accountabi 1 i ty . . . 

... aimed at protecting the privacy of medical records. This is the main 
reason Fusca lookedat encryption with security vendor Decru, which has 
since been acquired by Network Appliance . Given the nearly $11 millionthat 
the center had received for ongoing research involving the data, Fusca says 
his encryption costs, which he estimatedat about $75,000, were well worth 
the investment. Once the Medicare... 

... the data passes through a cluster of DecruDataFort E-series appliances, 
where it is subsequently encrypted . Thus, CECS can maintain a fully 
encrypted library of morethan 7T bytes of Medicare data on tape. 
Fusca and his team nave also designed the CECS architecture, which includes 
NetworkAppliance network storage, to take advantage of DataFort's combined 
access controls, authentication and encryption capabilities. "Data now 
flows all through the system, encrypted up until the time it comes out on 
the user 1 s Linux box ," Fusca says. "Theprocess is totally transparent 
to the users, and there is no lag time in the processing of the data to 
their screen." Fusca favors hardware-based encryption , largely because of 
his prior experiences with software-based approaches. "We'd beenthrough all 
those games before [with software-based encryption ], and thought there 
had to be a better way to do encryption ,"Fusca says. He was referring to 
prior challenges managing encryption keys, the ongoing risk of keys being 
compromised, andthe difficulty of synchronizing clients to ensure... 

... latest version. Canadian accounting firm RSM Richter decided to use 
Application Security's DBEncrypt to encrypt a few SQL server 
databasefields in its Microsoft Great Plains software-based human resources 
system. . . 
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...specification would actually be data which is never processed. 
The external storage device 110 may be encrypted such that the 
blocks of program information , and authentication information are 
stored in non-sequential address location in the storage device. It would 
be preferable to include the high order address bits in encryption of 
the storage device so that any block of program information may be 
located anywhere in the memory space. Substitution tables (S-tables) 
can be used to eliminate regularity and add non-linearity in the address 
encryption . 

Specifically, the authenticated block chained external storage device 
is encrypted so that the execution of the cryptographic code can be 
concealed from a pirate who... 

...path 113. A pirate may be prevented from learning about the proprietary 
algorithms being executed. Encrypting may therefore prevent a pirate 
from ascertaining the contents of the storage device, and from 
systematically attacking the secure circuit 105 through other means with 
the hardware. Encryption of the storage device prevents the pirate from 
knowing exactly which encrypted program information is the likely 
target for attack. By knowing exactly which program information could... 

...with the appropriate byte or block at the right time, individual strings 
of sub-fields, bytes or blocks of data from the external storage 
device are. then transferred to the block buffers in a desired... 



...deciphering circuits to allow these circuits to descramble the data to 
function accordingly. 

various block encryption algorithms, such as triple DES, may be used. 
Furthermore, the scrambling algorithm may use the same substitution 
box ( S - box ) tables as DES but with fewer rounds. The number of 
rounds may be selectable forinformation can prevent a pirate from moving 
otherwise properly encrypted and authenticated block chains around in 
storage device to get the decoder to process program... 
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...SPECIFICATION processing, such as DES and triple DES processing. DES 
specifies encrypting individual 64-bit data blocks . A 64- bit data 
block of unencrypted data is provided to the DES engine, combined with 
a key, and output as a 64- bit data block of encrypted data . The 
key used for DES processing is typically a 56-bit number, although the 
key can be expressed as a 64-bit number. DES describes breaking up a 64- 
bit block of data into a right half and a left half, each 32-bits 
long. As will be. . . 

...performed, in each round, operations on the right half of the data 
include expansion, permutation, Sbox operations, and combination with a 
round key. A round key can be determined based on... 



19/3 f K/6 (Item 6 from file: 348) 

DIALOG (R) File 348: EUROPEAN PATENTS 

(c) 2006 European Patent Office. All rts. reserv. 



00907854 

CRYPTOGRAPHIC METHOD AND APPARATUS FOR NON-LINEARLY MERGING A DATA BLOCK 
AND A KEY 

KRYPTOGRAPHISCHES VERFAHREN UND EINRICHTUNG ZUM NICHTLINEAREN ZUSAMMENFUGEN 

EINES DATENBLOCKS UND EINES SCHLUSSELS 
PROCEDE ET APPAREIL CRYPTOGRAPHIQUES DE FUSION NON LINEAIRE D'UN BLOC DE 

DONNEES ET D'UN CODE 

PATENT ASSIGNEE: 

Koninklijke Philips Electronics N.V., (200769), Groenewoudseweg 1, 5621 
BA Eindhoven, (NL), (Proprietor designated states: all) 
INVENTOR: 

DEN BOER, Huibert, Prof. Holstlaan 6, NL-5656 AA Eindhoven, (NL) 
LEGAL REPRESENTATIVE: 
Groenendaal , Antonius wilhelmus Maria et al (59381), INTERNATIONAAL 
OCTROOIBUREAU B.V., Prof. Holstlaan 6, 5656 AA Eindhoven, (NL) 
PATENT (CC, No, Kind, Date): EP 839418 Al 980506 (Basic) 

EP 839418 Bl 030502 
WO 97044935 971127 
APPLICATION (CC, No, Date): EP 97919606 970513; WO 97IB544 970513 
PRIORITY (CC, No, Date): NL 103159 960520 
DESIGNATED STATES: DE; FR; GB 
INTERNATIONAL PATENT CLASS (V7) : H04L-009/06 
NOTE: 

No A-document published by EPO 
LANGUAGE (Publ i cati on , Procedural ,Appl i cati on) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS B (English) 200318 1395 

CLAIMS B (German) 200318 1563 

CLAIMS B (French) 200318 1596 

SPEC B (English) 200318 4950 
Total word count - document A 0 
Total word count - document B 9504 
Total word count - documents A + B 9504 

...specification to the key, followed by a second processing step of 
non-linearly processing the result ( S - boxes ). According to the 
invention, an algorithm is used which non-linearly merges data with a key 
in one step (i.e. one, sequentially inseparable step). As such, adding 
the key bits to the data is an integrated part of the non-linear 
operation, making the system more immune against... 

...in each round both parts of the digital input block are processed, 
giving a better encryption result than for conventional Feistel 
ciphers, such as DES, where during each round only half... 
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...specification it uses three variations of the round function itself 
throughout the cipher. Finally, the 8x32 s - boxes used in the round 
function each have a minimum nonlinearity of 74 and a maximum... 

. . .table. 

This example cipher appears to have cryptographic strength in 
accordance with its keysize (80 bits ) and has very good encryption 
/ decryption performance: over 1 MByte/sec on a 486-DX2 66mhz PC, and 
over 2 . . . 

...CLAIMS the second masking key, and the half data block being operated 
upon. 

12. The data encryption method of cryptographically transforming 
plaintext into ciphertext in data blocks of predetermined bitfength 
according to. . . 

...are fully specified for all implementations of the method and is 
independent of any key bits or data bits . 

13. The data encryption method of cryptographically transforming 
plaintext into ciphertext in data blocks of predetermined bitlength 
according to. . . 

...to combine the half data block with the first masking key and to combine 
the s - box outputs which result from the processing of the second 
modified half data block . 

14. The data encryption method of cryptographically transforming 
plaintext into ciphertext in data blocks of predetermined bitlength 
according to. . . 
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...SPECIFICATION having 8 bits, which look-up table is also referred to as 
substitution module or S -box. The output of the S-box 12 is applied to 
the XOR element ahead... 

...is indicated by Rl, R2 ... R7. Of course it is also possible to repeat 
the encryption process a higher or lower number of times. 

in contrast to known encryption algorithms, like the DES algorithm, a 
single relatively large S- box is used in the described encryption 
device instead of a plurality of small S - box elements. The use of one 
large S - box shows the advantage that a very strong non-linearity is 
introduced in one step. The... 

...is directly combined with a byte of the key and the operation provided 
by the S - box provides a strong non-linearity introduced in memory 
element 7 and after permutation through the... 

...5. As the byte modified in a non-linear manner at the output of the S - 
box, 12 is introduced into the shift register 8 at two locations, a rapid 
diffusion of this non-linearity is obtained. Thereby a better encryption 
is obtained then would be possible by means of a plurality of small S - 
box elements. The use of the XOR element between the memory elements 2 
and 3 of. . . 

...of a data block with the complement of the key and the complement of the 
encrypted data block. 

As shown in Fig. 3, decryption is obtained by the reversed operation, 
it. . . 
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...SPECIFICATION is eight characters in length. A good example of a modern 
system is the Data Encryption standard ("DES") which was developed by 
IBM in the early 1970*5 and which was adopted by the United States Bureau 
of Standards as the standard encryption system for business and 
non-military government use. Patents directed to the DES include U.S. 
Patents Nos. 3,958,081 and 3,962,539. The Data Encryption Standard is a 
block type of cipher in which a portion or block of the data to be 
encrypted is permutated with a prearranged permutation table, modified 
with a key, and then substituted with a predetermined substitution 
table . This process is repeated numerous times in what are referred to 
as rounds. Permutation is... 

...is a common cryptographic function in which the positions of letters in 
a message are scrambled in accordance with a predetermined set of 
di rections . 

Other modern encryption systems have attempted to simulate the key 
generation process of a one time pad by... first block of plaintext is 
selected. Although FIG. 1 is shown in connection with the encipherment 
of blocks of plaintext, the same steps would also be followed for 
decrypting selected blocks of ciphertext. Control then passes to 
reference 16 where the selected block of plaintext is encrypted in 
accordance with the cryptographic system of the present invention, if 
there is more plaintext left to be encrypted , as determined by query 
18, the next block of plaintext is selected at reference 20 and the next 
block is encrypted . if there is no more plaintext, then the system 
stops operation at reference 22. 

The. . . 

...tables in memory is shown in more detail in FIG. 2. A permutation table, 
an S - box table and an enclave table are initially loaded into the 
system's memory at reference... 

...entries which dictate in a particular fashion how the position of the 
bytes in the block of data undergoing encryption will be scrambled 
, or will be descrambled for decryption. This is a commonly used 



cryptographic technique. The S - box table is an arrangement for a 
plurality of substitution entries which dictate, as directed by... 

...changed to another value, while this could be included in the form of a 
standard substitution table , the S - box table arrangement is more 
efficient computationally and is well-known in the field of cryptography 
...The position of the eight bit bytes at the top of FIG. 4 will be 
scrambled as directed by the various arrows to the new position shown at 
the bottom of FIG. 4. working from the top to the bottom gives an 
encryption of the data. To decrypt the data, the positioning is 
rearranged from the bottom to... not be explained in further detail in 
this application. Likewise, a typical entry in the substitution table 
is shown in FIG. 5. If a particular plaintext value appears in any of the 

bytes of the data undergoing transformation, then the substitution 
table used will direct that the plaintext value be substituted by a new 
value. For instance... 

...5, it will be substituted by the new value of Si)). Working backwards 
through the substitution table , the encrypted data can then be 
decrypted to recapture the original plaintext values. Once again, this is 



...in FIGS. 4 and 5 are only representative of the many possibilities of 
permutation and substitution table entries and that many other 
entries would be included in the tables used in the...bc. This is 
represented by the series of querys at element 180 associated with each 
byte of the data undergoing transformation at element 170. if C is 
equal to the byte number, then that byte is not combined with the 
corresponding key byte . The block of data after it has undergone a 
round of the variable key addition is shown as element 182 in FIG. 10. 

The variable substitution for the encryption process shown in FIG. 8 
is shown in more detail in FIG. 11. Similar to... 

...substitution. Otherwise, the steps followed in each are the same, in the 
substitution process, the S - Box chosen z is determined by byte C in 
the data undergoing transformation and Mask4,R)). This is shown in fig. 
11 where Z is equated ... block in element 250 is then substituted in 
accordance with the protocol of the chosen S '- Box except for byte be. 
The result of the inverse variable substitution is a ten byte data 
block Bl through BlO at element 260. The arrangement by which byte be is 
not substituted is shown by a series of querys 258 associated with each 
byte of the data undergoing decryption in element 250. For example, in 
thefirst round of decryption, where R is ten, blO is both used to select 
the S '- Box used for the inverse substitution and is also unchanged 
during the inverse substitution. Since the... 

...byte remained unchanged during the final variable substitution. carried 
out on the data during the encryption process shown in FIG. 8, it is 
possible to recreate and work backwards through the encryption process 
through the ciphertext data. The same is true for the inverse variable 
key addition . . . 

...of the steps taken in the variable enclave for encryption shown in FIG. 
6. The block of data undergoing decryption at element 270 is split 
into a left half-block 272 and a... at element 330 as bytes Bl through 
BlO. Since during the encryption process all ten bytes of the data 
undergoing encryption were used to select a permutation table for the 
transformation, this rendered it possible to decrypt the same data by 
once again adding together all ten bytes of the ciphertext data to 
determine which permutation table should be used. This is possible since 
the permutation operation merely rearranged the order of the values. The 
information used in the encryption stage can be extracted by once again 
summing together the values in the data. 



EXAMPLE 



An example of the encryption of a ten byte block of plaintext 
data using the embodiment of the encryption system of the present 
invention discussed above will now be shown in detail. The system must be 
initialized with a permutation table, a substitution table and an 
enclave table. Tables used in this example, and created in accordance 
with the. . .generated from the initial key (which is not included in 
either table), data can be encrypted using additionally the 
permutation, enclave and substitution tables in Tables I, HA and 
IIB, and III below. A particular block of plaintext data will be 
encrypted under the system of the present invention and for ten rounds 
of encryption . 

ROUND 1 

BLOCK = 104 101 108 108 111 32 116 104 101 114 
(a) variable. . . 
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..SPECIFICATION 3002 in the data converting unit 300 (301) performs an 
exclusive-OR operation for corresponding bits in input data X and two 
shift-rotation results of the input data x that are data Rot7(x) and data 



Rotl(x) . Accordingly, the change in a single bit in the input data X 
affects not only the bit itself but another two bits . Besides, output 
data of the data substituting unit 3002 is further processed nonlinearly 
in the substitution table data storing unit 3003, as a result of 
which many more bits will end up being affected. 

Thus, the data converting unit 300 (301), i.e. the data encryption 
apparatus 10, in this embodiment produces a high bit avalanche effect 
unlike the conventional techniques... 

...number (no less than 3) of different shift- rotations (including a 
shift- rotation by 0 bit ) on input data and takes an exclusive-OR for 
corresponding bits in the input data and the shift... 

...specification avalanche effect referred to here is the observed property 
of a cipher on how many bits in the output data change as a result of 
the change of a single bit in the input data . 

US-A-5, 724,428 discloses a simple encryption and description device 
in which the underlying algorithm is a fast block cipher that makes... 

...a linear transformation; and a final permutation. Each round uses only a 
single replicated S- box . 

SUMMARY OF THE INVENTION 

in view of the above problems, the present invention aims to... 

...ability and that produces a sufficient bit avalanche effect. 

The present invention provides a data encryption apparatus provided 
with a data converting device for converting n- bit input data to n- 
bit output data , the data converting device comprising: 

shift- rotating means for generating k sets-of data by shirt-rotating 
the n- bit input data ; and 

data combining means for combining together the k sets of data to 
generate the output data, characterised in that the shift- rotating means 
shift rotates the n- bit input data respectively by Si bits, S2 bits, 

and Sk bits, Si, S2, and Sk being nonnegati ve . . . 3002 in the 

data converting unit 300 (301) performs an exclusive-OR operation for 
corresponding bits in input data X and two shift- rotation results of 
the input data X that are data Rot7(x) and data Rotl(X) . Accordingly, the 
change in a single bit in the input data x affects not only the bit 
itself but another two bits . Besides, output data of the data 
substituting unit 3002 is further processed nonlinearly in the 
substitution table data storing unit 3003, as a result of which many 
more bits will end up being affected. 

Thus, the data converting unit 300 (301), i.e. the data encryption 
apparatus 10, in this embodiment produces a high bit avalanche effect 
unlike the conventional techniques .. .number (no less than 3) of different 
shift-rotations (including a shift- rotation by 0 bit ) on input data 
and takes an exclusive-OR for corresponding bits in the input data and 
the shift. . . 
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...SPECIFICATION between T and S by an attacker during the key exchange. 
As mentioned above, the encryption /decryption algorithm for this 
system is the DES algorithm with S - box which is a standard hardware 
algorithm to encrypt data. DES is widely used by banks and financial 
institutions to protect financial transactions which... 

...for hardware implementation enabling real-time data to be securely 
exchanged between users. 

The Data Encryption standard (DES) is a block cipher, operating on 
data in 64 bit blocks. A 64 bit block of plaintext is transformed into a 
64... 

...is a symmetric algorithm, this means that the same algorithm and key are 
used for encryption and decryption. The key is 56 bits in length and 
any 56-bit value can... 

...operation of the S-boxes. There are eight S-boxes, each of which accepts 
6 bits of the data as input and gives a 4-bit output, thus reducing 
the size of the data... input specifies the row and column in which the 
output appears. The composition of the S boxes can vary. The purpose 
of this feature of the S - box is to increase the security of the 
encryption of data. a 

Finally, the 32- bit data is permuted again. This is a simple 
permutation, mapping each one of the 32 input... 

...The decryption process of transforming ciphertext into plaintext uses 
the same function f as the encryption process. The only difference is 
that the keys must be used in the reverse order. Thus, if the keys for 

encryption are Kl)), K2)), k3)), , Kl6)) f then the keys for 

decryption are Kl6)), K15)), K14)), Kl... 
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...SPECIFICATION Avec une attaque DPA, on est capable de reconstituer au 
moins 48 bits des 56 bits utiles. 

Trois documents se rapprochant de 1 'invention peuvent etre cites. 

Le premier document de Yi X. dont le titre anglais est «A method for 
obtaining cryptographically strong 8x8 S - BOXES », document publie a 
la conference sur les telecommunications a Phoenix, Arizona, Etats-Unis 
d'Amerique. . . 

...une bonne propriete contre V attaque differentielle permettant par 
1 'utili sation de tables de constantes SBOX d'accroitre la securite des 
systemes cryptographiques. 

Le second document de Miyaguchi S. dont le titre anglais est «Secret 
key ciphers that change the encipherment algorithm under the control of 
the key», document publie dans la revue « NTT review », vol... 

...permutations entre les tables de constantes elementaires Si a S8 d'une 
table de constantes S - BOX . La methode est resistante contre les 
attaques qui calculent la cle en utilisant des paires... 
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